Service Pack 2
Summary
This document summarizes feature changes and additions for Microsoft® Windows® XP Embedded with
Service Pack 2.
Introduction
Microsoft® Windows® XP Embedded with Service Pack 2 (SP2) combines the benefits of Windows XP
Professional Service Pack 2 with enhancements that are targeted to embedded device development.
Windows XP Professional SP2 includes new security technologies that affect network protection, memory
protection, Web browsing, and e-mail handling. Windows XP Embedded with SP2 includes these important
security changes. Windows XP Embedded with SP2 also provides updates to Windows features such as
Microsoft® DirectX®, and to embedded supporting features such as the Minlogon single-user
environment.
This document describes the new and changed features of Windows XP Embedded with SP2 in terms of
The following table provides a summary of key feature changes in Windows XP Professional that are
included in Windows XP Embedded with SP2. This table also describes Windows XP Professional features
Microsoft DirectX 9.0c | Provides the resources you need to run applications that are compatible with DirectX 9.0c on your embedded devices.
Microsoft® .NET Framework 1.1 | Provides the resources you need to run applications that are compliant with .NET Framework 1.1 on your embedded devices.
Microsoft® Windows Media® Player 9 Series | Provides the resources you need to run applications for Windows Media Player 9 Series on your embedded devices.
Microsoft® Software Update Services (SUS) | Provides a complete solution for servicing embedded devices. You can now use SUS to manage the distribution of Windows updates to Windows XP Embedded-based clients.
Terminal Server Remote Desktop | Updates the remote desktop capabilities of your embedded devices.
The following table provides a summary of changes to the embedded enabling features in Windows XP
Windows application compatibility macro components | Increase application compatibility between your run-time image and applications in areas of multimedia, networking, shell, Windows core, and Windows Management Instrumentation (WMI).
Generic Device Driver Support component | Quickly add support for one or more device classes to your run-time image.
Enhanced Write Filter (EWF) | Reduce boot time for your EWF-protected run-time image by using a hibernation file.
Windows XP Embedded documentation | Read the latest Help documentation for expanded information about security and servicing, as well as more how-to topics. Component Help is now available for every component in the Windows Embedded Studio component database and includes detailed information about dependencies, resources, and interfaces.
Windows XP Embedded with SP2 helps make it easier to design and configure your run-time image for
better security, device support, and application compatibility. This section provides a summary of
For more information about using Windows XP Embedded to design a run-time image, see Design a Run-
Windows XP Embedded with SP2 includes updated components for the following Microsoft Windows
DirectX 9.0c component in the Windows Embedded Studio component database to run C, C++ and C#
For information about dependencies and included files for the DirectX 9.0c component, see the Component
Help in Windows XP Embedded with SP2. For information about writing DirectX 9.0c applications, see the
Windows XP Embedded with SP2 provides support for the Microsoft .NET Framework 1.1. The .NET
Framework 1.1 component that is included in the Windows Embedded Studio component database
supplies the common language runtime (CLR) and the .NET Framework class library. This version of the
.NET Framework delivers increased scalability and performance, and also includes:
• Support for the execution of Windows Forms assemblies from the Internet
For information about dependencies and included files for the .NET Framework 1.1 component, see the
Component Help documentation in Windows XP Embedded with SP2. For more information about .NET
Windows XP Embedded with SP2 offers support for Microsoft Windows Media Player 9 Series. Windows
Media Player 9 Series introduces new features including fast streaming, auto playlists, crossfading, and
volume leveling.
For information about dependencies and included files for the Player, see the Component Help
documentation that is included in Windows XP Embedded with SP2. For more information about Windows
Media Player, see Windows Media Player 9 Series on the Microsoft Web site.
Windows XP Embedded with SP2 includes remote desktop support for embedded devices in the Terminal
Server Remote Desktop component. For information about dependencies and included files, see Terminal
Server Remote Desktop in the Component Help documentation that is provided in Windows XP Embedded
with SP2.
Windows Firewall
Windows Firewall is enabled by default. This On-by-Default setting provides increased network protection
for Windows XP Embedded-based run-time images that use the Windows Firewall components. On-by-
Default affects both IPv4 and IPv6 traffic, and protects network connections as they are opened on your
devices. The Windows Firewall feature is divided into two components that are located in the Windows
Embedded Studio component database. The following table describes these components.
Component | Description
Windows Firewall Control Panel | Provides the Control Panel user interface that allows users to view and change Windows Firewall settings.
For more information about these components, see the Component Help documentation in Windows XP
For more information about using Windows Firewall in your run-time image, see Windows Firewall in the
For detailed information about the changes to Windows Firewall for Windows XP Professional SP2, see the
white paper entitled Changes to Functionality in Microsoft Windows XP Professional Service Pack 2 on the
Windows XP Embedded with SP2 introduces new features that make it easier to build device driver support
and application compatibility into your run-time images. This release also includes changes to embedded
enabling features such as Minlogon and Enhanced Write Filter (EWF). These feature changes and additions
Application Compatibility
Windows XP Embedded with SP2 supplies application compatibility macro components for multimedia,
networking, shell, Windows Management Instrumentation (WMI), and Windows core functionality.
Your run-time image must include certain components to be compatible with the applications that your
device will run. A typical strategy for achieving application compatibility begins with specifying the
applications that your device will run and determining their requirements. The next step is to locate the
components that satisfy those requirements and include them in your run-time image. This can be a
laborious process.
An easier way to achieve application compatibility between your run-time image and applications is to use
Multimedia Application Compatibility | Packages most of the components that are used to provide Windows-based multimedia services. Includes components that support features such as GDI, kernel streaming, DirectX, OpenGL, and Windows Media.
Shell Application Compatibility | Packages most of the user interface elements that are contained in the Windows Explorer shell. Includes components for all Control Panel items and for all shell Explorer components.
Windows Management Instrumentation Technologies | Packages the features that combine to create the Windows Management Instrumentation (WMI) technologies.
Windows Application Compatibility | Packages the components of the Windows API, including the Advanced, GDI, and kernel-mode and user-mode components.
You can use these macro components during testing to find missing dependencies in your configuration
Each of these components includes a broad range of applications and has a sizeable footprint. In Target
Designer, you can optionally exclude unnecessary components from each of these macro components to
For more information about using the application compatibility macro components, see Using Macro
detailed information about the dependencies of each application compatibility macro component, see the
For more information about Windows XP Embedded and application compatibility, see Application
For more information about application development in Windows XP Embedded, see Application
Windows XP Embedded with SP2 introduces the Generic Device Driver Support component. You can use
this component during the design phase to quickly add support to your run-time image for one or more
device classes, including the keyboard, printer, and modem device classes.
You can configure the Generic Device Driver Support component in Target Designer to include support for
selected device classes. The device drivers that belong to the device classes that you select are
automatically added to your run-time image during the build process. The appropriate class installers for
the device classes that you select are also automatically added to your run-time image.
Using the Generic Device Driver Support component can help to reduce development time. However,
adding support for entire device classes does impact footprint and build time. This component includes
other settings to manage these effects. For example, you can choose whether to include or exclude
component resources, such as registry information, from your run-time image. You can also choose
whether to process the device driver dependencies of the device classes that your run-time image
supports.
There are some limitations to the support that this component can provide. For example, third-party
device driver files must be manually added to a configuration that uses the Generic Device Driver Support
component. Additionally, some IEEE 1394 devices may have additional driver-related dependencies that
are not satisfied by this component. For more information, see the Component Help documentation for
The following table shows the settings for the Generic Device Driver Support component.
Device driver class | Cleared | Select one or more of the listed device classes.
Include registry entries and other resources for this component | Cleared | Causes registry data and other resources to be copied into the run-time image. This increases the size of the run-time image that is built and the time that it takes to build it.
resources are not added to the run-time image and Plug and
capabilities. In Windows XP Embedded with SP2, EWF supports hibernation in RAM and RAM Reg modes.
Hibernation makes it possible to save to and boot from a file (a hibernation file) that defines the state of a
system. Booting from a hibernation file reduces boot time and allows you to preserve system state
For more information about using EWF with hibernation, see Hibernation and EWF in the Windows XP
Embedded documentation.
Minlogon
Minlogon is an embedded enabling feature that provides Windows logon support for a single-user
environment. In Windows XP Embedded with SP2, the Minlogon environment supports the hibernation and
standby power management features. Windows XP Embedded with SP2 supports these power
management features by including the power management application. This application contains a DLL
called Xpepm.dll that makes it possible to use standard power management features in configurations that
do not include the Windows user interface for the Start menu.
For information about how to support hibernation and standby in your run-time image, see Power
Documentation
Windows XP Embedded with SP2 provides documentation that integrates the latest information with
tutorials and how-to topics to make it easier to get the most out of Windows XP Embedded. The
documentation includes new information about embedded enabling features such as Device Update Agent
(DUA), First Boot Agent (FBA), and Enhanced Write Filter (EWF). It also includes new information about
security and servicing, as well as detailed information about using Windows Firewall.
The Component Help documentation now includes dependency lists for all components, as well as included
interfaces, files, and registry information. The table of contents for the Component Help documentation
has been reworked to mirror the organization of components in the Windows Embedded Studio component
database.
For more information about changes to the documentation for Windows XP Embedded with SP2, see
What's New in the Windows XP Embedded documentation. The Component Help documentation is
increased security when compared with Windows XP Professional SP1. Windows XP Embedded with SP2
incorporates Windows XP Professional SP2 security changes and adds new support for run-time
management and servicing. This can help increase security for device development with Windows XP
Embedded with SP2. This section summarizes the security changes for Windows XP Embedded with SP2
Windows XP Professional SP2 provides broad security changes that affect the functional areas shown in
Memory protection | Increases protection against buffer overruns. Where possible, supplies operating system support for hardware-enforced data execution prevention (DEP).
E-mail handling | Includes default settings that increase security and offers improved control of e-mail attachments.
Browsing security | Improves the security of the Local Machine zone to prevent malicious scripts from running.
their devices.
Computer maintenance | Provides support for Security Center, a central location for users to get information about the security of their devices.
installation process.
For detailed information about security changes in Windows XP Professional SP2, see the white paper
entitled Changes to Functionality in Microsoft Windows XP Service Pack 2 on the Microsoft Web site.
Security Considerations
The process of building security protections into an embedded run-time image begins in the design phase
and continues into the servicing phase. Some fundamental considerations for building security protections
• Add support for run-time management and servicing to make it easier to update devices and help
The Windows security changes include some surface area reductions. You can further increase the security
of your run-time image by including only the components that your device requires. This will reduce the
Reducing your exposure to attack also means eliminating unnecessary services from your run-time images
or setting services to be disabled. For information about the Windows Embedded Studio components that
supply Windows services, see Componentized Windows Services in the Windows XP Embedded
documentation.
The Windows security changes affect a wide range of Windows features and their default settings. If your
devices use applications that require certain default settings, you may have to resolve incompatibilities by
rewriting the code of those applications, or by changing the default settings of the affected features on
One of the most important security changes in Windows XP Embedded is that Windows Firewall is enabled
by default. You can configure the firewall to open specific ports and to allow only certain applications to
communicate through ports. Windows Firewall is described in more depth earlier in this document. For
information about configuring Windows Firewall in your run-time image, see How to Configure Windows
Windows XP Embedded with SP2 also includes a new registry key to improve Remote Procedure Call (RPC)
security. The RestrictRemoteClients registry key helps prevent remote access to RPC interfaces that
exist on a computer. For more information about Windows XP Embedded and RPC, see RPC Interface
Designing a servicing strategy into your run-time image helps increase the security of your device over its
lifetime. The following section provides information about new servicing support in Windows XP Embedded
with SP2.
For general information about how to increase device security, see Network Security Considerations in the
Network Security Components in the Windows XP Embedded documentation. This page maps components
For more information about building security into your run-time image, see Add Security Features to a
Windows XP Embedded with SP2 offers new support for embedded run-time management and servicing.
This section briefly describes these new management and servicing options. For more information about
servicing with Windows XP Embedded, see Servicing in the Windows XP Embedded documentation.
Windows XP Embedded with SP2 provides support for Microsoft Software Update Services (SUS). SUS
provides a complete servicing solution for managing the distribution of Windows updates to Windows
clients, including Windows XP Embedded. SUS makes it possible for updates to be automatically installed
on deployed devices, and for you to manage the update process remotely.
To use SUS as your servicing solution, you must set up and configure a SUS server on your intranet. The
configured SUS server component provides you with a Windows Update Server that polls the Microsoft
Windows Update Web site and downloads the available updates. SUS uses Internet Information Services
(IIS) and Background Intelligent Transfer Service (BITS) to download updates to clients.
After the SUS server is created, an administrator manages the update process. Administrative tasks
include configuring the Group Policy settings on deployed devices, and testing and approving Windows
The following table shows the client components that are provided by Windows XP Embedded with SP2 in
Component | Description
Windows Update Agent | Obtains updates for clients from the Microsoft Windows Update Web site. Provides the Windows Update Agent service called Automatic Updates.
Windows Update Agent for SUS Servers | Provides the files that are required to use the Microsoft Windows Update Web site.
Windows Update for Device Drivers | Obtains drivers from Windows Update for Device Manager wizards.
In addition to installing and configuring a SUS server, you must build support for SUS into your run-time
image. This support is provided by adding the Windows Update Agent component, and the Windows
None of the client components include settings that are configurable in Target Designer. Instead, the client
components are configured by updating Group Policy after the run-time image is deployed. You can use
Microsoft Active Directory or Microsoft Management Console (MMC) to update Group Policy on a deployed
run-time image. You can also use Registry Editor to edit the registry directly.
For more information about the Windows Update Agent components, including component dependencies,
For detailed information about using SUS to service embedded run-time images, see the white paper
entitled Using SUS with Windows XP Embedded with Service Pack 2, on the MSDN Web site.
Microsoft® Systems Management Server (SMS) is an enterprise-level management solution that provides
security patch management capabilities, client monitoring, and reporting for all Windows clients in a
domain. Embedded developers can now use SMS to manage the deployment of security patches to
Windows XP Embedded-based devices. Client and server components for SMS are not included in the
For more information about SMS, see the Microsoft Systems Management Server Web site.
The information contained in this document represents the current view of Microsoft Corporation on the
issues discussed as of the date of publication. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot
guarantee the accuracy of any information presented after the date of publication. Schedules and
features contained in this document are subject to change.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Microsoft, Windows XP and Windows Embedded are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries. The names of actual companies and
products mentioned herein may be the trademarks of their respective owners.